General
Target: 028f6fb69753071f074bbcba7768497e_JaffaCakes118
Size: 2.6MB
Sample: 240427-ghkvbacd86
MD5: 028f6fb69753071f074bbcba7768497e
SHA1: 0519a7d00d7e540b02c17ad2155462c85b555d54
SHA256: f0eb408cd44334d5bc53f99b453357f55d69219d54f67ddc719229c4b7d10db0
SHA512: 6ba2cd69fe3ad9722a501a4b20f006d834f93970d4d93a3796ae9fa4c15a0fc2cccf630b0ed90cfc41303fd23c5e0f1cdbcf128050c22a0fe0b29d0b6e8c8973
SSDEEP: 49152:8coQxSBeKeiOSiFmoJggggLo40KDi3gp0XhCjyrln:86SIROiFJiwp0xlrln
Behavioral task: behavioral1
Sample: 028f6fb69753071f074bbcba7768497e_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted: pony
C2: http://don.service-master.eu/gate.php
payload_url: http://don.service-master.eu/shit.exe
Targets
Target: 028f6fb69753071f074bbcba7768497e_JaffaCakes118
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Modifies Installed Components in the registry
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)